IPFS allowlisting and Project secret

Hello, i’m migrating all my project anonymously pinned files to my IPFS+ account, our current application is 100% frontend, even to add file to IPFS and in the documentation i see this:

If you are sending API requests from a web browser or other client-side application which does not have the ability to secure your Project Secret , allowlisting can be used to prevent a third party from using your Project ID on another website.

This means we can stay 100% front end and add files to our infura IPFS+ account using allowlisting but do we still need to sacrifice (expose) the Project Secret? Or with allowlisting the secret is not required?

Thanks in advance

Hi @Christophe_Verdot

In order to prevent unauthorized applications or users from using your project to make requests, you can specify the IP addresses from which requests can be made. You can either specify a single IP address (e.g. ) or a range of IP addresses (e.g ). If there are entries in this allowlist, then requests from IP addresses that do not match at least one of them will be rejected.


Allowlist entry:
Request’s IP address:
Result: Request is rejected , since it does not originate from the allowed IP address.

Thank you for the answer, so by doing that, i still need to use my secret (and expose it, even if non allowed IP cant use it) to make requests, thats correct?